Hello! The following patch overwrites your swap with zeros (with dd) on halt and then does an mkswap on it so that it's usable when turning on the PC again. It modifies /etc/init.d/halt.sh and adds a configuration line to /etc/conf.d/rc (RC_ZERO_SWAP=) so that you can turn swap-zeroing on and off easily. It's a rather simple patch and I've been running it for two weeks now without any problems. This patch is useful when you can't/don't want to/think it's too complicated to use crypto for your swap (in case you're working with an old machine that would run even slower when encrypting it). It's mainly useful for laptops and systems other people (you don't trust) also have physical access to. Well, I'd really like to see it in the baselayout so that I don't have to patch all my machines manually :) If you don't like the patch at all or the way it works, please tell me - so that I can do things properly next time. -Craig-
Created attachment 79837 [details, diff] /etc/init.d/halt.sh patch for zeroing the swap on halt. configurable via /etc/conf.d/rc (RC_ZERO_SWAP)
Created attachment 79838 [details, diff] /etc/conf.d/rc patch for zeroing the swap on halt (RC_ZERO_SWAP)
Cool idea, just be sure to keep it un-selectable... :-) I would be using it on my laptop but not on my main PC...
> Cool idea,
Thanks :)
> just be sure to keep it un-selectable... :-)
Sorry, I don't get what you mean (English is not my native language...).
> I would be using it on my laptop but not on my main PC...
I'd use it everywhere. It will be very easy to enable it, and it will bring you (at least some) additional security :) We'll see if others like it and if Gentoo devs are going to integrate it :)
Well, neither is mine so it may be my fault. It was just a note for gentoo devs not to hardcode it, but keep it selectable via conf.d...
Comment on attachment 79837 [details, diff] /etc/init.d/halt.sh patch for zeroing the swap on halt. configurable via /etc/conf.d/rc (RC_ZERO_SWAP)
post a patch by using `diff -u`
Created attachment 79860 [details, diff] /etc/init.d/halt.sh patch for zeroing the swap on halt. configurable via /etc/conf.d/rc (RC_ZERO_SWAP)
Created attachment 79861 [details, diff] /etc/conf.d/rc patch for zeroing the swap on halt (RC_ZERO_SWAP)
I'm sorry! I hope it's correct now (*shiver*)...
Created attachment 79889 [details, diff] baselayout-erase-swap.patch try this instead
http://bugs.gentoo.org/attachment.cgi?id=79861
It has to be + not - there I think, you swapped the filenames with diff.
Well, RC_ZERO_SWAP is better, but contains an error: if you want to overwrite the partition and do not specify the count= parameter for dd, it gets an error:

    dd if=/dev/zero of=/dev/hda3
    dd: writing to `/dev/hda3': No space left on device
    996031+0 records in
    996030+0 records out

When halting the system this results in:

    Erasing swap space /dev/hda3 ...                                    [!!]

-> which means: "failed". I'm attaching a new patch to solve that.
The rc patch: it has to be + not - there I think, you swapped the filenames with diff.
Well, RC_ZERO_SWAP is better, but contains an error: if you want to overwrite the partition and do not specify the count= parameter for dd, it gets an error:

    dd if=/dev/zero of=/dev/hda3
    dd: writing to `/dev/hda3': No space left on device
    996031+0 records in
    996030+0 records out

When halting the system this results in:

    Erasing swap space /dev/hda3 ...                                    [!!]

-> which means: "failed". I'm attaching a new patch to solve that with fdisk -s.
Created attachment 79936 [details, diff] RC_ERASE_SWAP patch for /etc/init.d/halt.sh
Comment on attachment 79936 [details, diff] RC_ERASE_SWAP patch for /etc/init.d/halt.sh
fdisk isn't portable ... you need to figure out a different way of getting the size
Not portable? You mean not running on BSD or so? Well, dd does its job fine, but does not return 0.
Suggestion: using /proc/partitions... see the patch.
Other mad ideas you probably won't like:
[1]:
    dd if=/dev/zero of=${s} bs=4096 &> /dev/null
    eend 0
[2]:
    echo `dd if=/dev/zero of=${s} bs=4096` &> /dev/null
Then $? will be 0
Created attachment 79955 [details, diff] baselayout-erase-swap
not portable as in not all Linux hosts support it
Created attachment 80005 [details, diff] baselayout-erase-swap patch (I hope the last one :/ )
Ah ok. I'm sorry, but there was a last error in the patch. The bs= had to be 1024! I've tested the patch several times now and it works fine (finally). I attached the (hopefully) final version - I'm sorry that it was such a pain.
this:
    ssize=$(grep $(basename ${s}) /proc/partitions | awk '{print $3}')
can be written simply as:
    ssize=$(awk '$4 == "'${s##*/}'" {print $3}' /proc/partitions 2> /dev/null)
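The two pieces the thread converged on, the /proc/partitions size lookup with an exact field match and a dd bounded by count= so it exits 0 instead of dying with "No space left on device", written out as an added example. This is not one of the attached patches; the partition table below is constructed, and the functions take the table file as a parameter so they can be exercised on a regular file rather than a real swap device.

```shell
#!/bin/sh
# Added example, not one of the attached patches: size lookup plus bounded dd,
# packaged as functions that take the partition table path as an argument.

# Constructed sample in /proc/partitions layout (major minor #blocks name).
# The sizes are made up; hda3 mirrors the 996030-block device quoted earlier.
SAMPLE_PARTITIONS='major minor  #blocks  name

   3     0   39070080 hda
   3     1     104391 hda1
   3     2   37970842 hda2
   3     3     996030 hda3'

# Print a block device's size in 1 KiB blocks from a /proc/partitions-style
# table. Comparing field 4 exactly (as the awk one-liner above does) avoids
# grep's substring match, where "hda3" would also hit a hypothetical "hda30".
#   $1 = device path, e.g. /dev/hda3    $2 = table file (normally /proc/partitions)
swap_size_kb() {
    awk -v dev="${1##*/}" '$4 == dev { print $3 }' "$2" 2>/dev/null
}

# Overwrite the device with exactly as many 1 KiB blocks as the table reports.
# With count= dd stops before the end of the device, so it returns 0 and the
# init script's eend prints [ ok ] rather than [ !! ].
#   $1 = device path    $2 = table file
zero_device() {
    ssize=$(swap_size_kb "$1" "$2")
    [ -n "$ssize" ] || return 1
    dd if=/dev/zero of="$1" bs=1024 count="$ssize" 2>/dev/null
}

# What halt.sh would call for each active swap device: wipe it, then write a
# fresh swap signature so swapon works again at the next boot.
erase_swap() {
    zero_device "$1" /proc/partitions && mkswap "$1" >/dev/null 2>&1
}

# Demo against the constructed table only; no device is touched here.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_PARTITIONS" > "$tmp"
echo "/dev/hda3 is $(swap_size_kb /dev/hda3 "$tmp") KiB"
rm -f "$tmp"
```

In a real halt.sh, erase_swap would run once per device listed by swapon -s after swapoff, with its exit status passed to eend; zero_device is what the test exercises on a temporary file.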
Ok, if you prefer it like that. Shall I create a new patch or are you going to integrate it with you changes?
it isn't a matter of style, the version I posted uses only one fork
added to svn, thanks for the patch
Ah, ok. Thanks for your patience :)
Just because I'm not familiar with the process of adding patches:
- Who decides if a patch is added to "unstable" and later to the "stable" tree?
- When (if ever) will this one be added?
Thanks.
> Just because I'm not familiar with the process of adding patches:
> - Who decides if a patch is added to "unstable" and later to the "stable" tree?
the baselayout maintainers